Mitsubishi UFJ Morgan Stanley PB Securities

Strengthens its defense against targeted email attacks

Overview

Mitsubishi UFJ Morgan Stanley PB Securities Co., Ltd., one of Japan’s largest private banks, offers asset management services for corporate clients and high-net-worth individual clients through over 280 financial advisers (FAs). Each FA provides long-term support to the same clients, proposing products and services for all of life’s events and needs. The company, which became a wholly owned subsidiary of the Mitsubishi UFJ Financial Group (MUFG) in December 2012, migrated its IT systems to a new infrastructure and adopted Microsoft® Office 365™. ”In addition to the PCs that all employees use, our company provides iPhones and iPads to FAs, who are often out of the office. We adopted Office 365 as a communication platform for all of these devices,” says Minoru Sakuma, Vice President, Technology at Mitsubishi UFJ Morgan Stanley PB Securities Co., Ltd.

"The trust of our customers is our most important asset. Cloud App Security plays an important role in protecting that trust from targeted cyberattacks."

Challenges

As it undertook the company-wide use of Microsoft® Office 365™, the company quickly recognized the threat of targeted cyber attacks. “Particularly from the second half of 2015, there has been a rash of reports concerning serious damage from such attacks. We felt a strong need to strengthen our countermeasures,” said Sakuma.

The company immediately established a Computer Security Incident Response Team (CSIRT) and took action to strengthen the security of its use of Office 365. The company’s goal was to enhance its capability to detect and block suspicious email, the primary route of intrusion for targeted cyber attacks. ”Office 365 is equipped with the Exchange Online Protection service, which offers functions that include spam email filtering. However, we felt more security was needed against sophisticated targeted email attacks. We decided to reinforce the email security of Office 365 with a solution that offered sandboxing functions,” said Masami Ando, Assistant Vice President, Technology, at Mitsubishi UFJ Morgan Stanley PB Securities Co., Ltd.

"Security tools that are difficult to use and manage is meaningless, as it prevents an organization from strengthening countermeasures required to moving forward. We feel that Cloud App Security is easy to use and helps us to eliminate that risk."

Why Trend Micro

After comparing various security solutions, the company selected Trend Micro™ Cloud App Security™. A key reason for its selection was the solution’s ability to get up and running quickly. “Cloud App Security integrates with Office 365 through APIs, making it easy to implement in the same manner as an add-on function,” said Kazuhiro Ando, President and CEO of Prospex Co., Ltd., which supports the Mitsubishi UFJ Morgan Stanley PB Securities’ information systems, and was involved in the testing and selection of the Trend Micro solution.

Ando was particularly impressed with the fact that the scope of the application could be extended on a per-user basis. “This means that it can be adopted on a trial basis by a department, then rolled out company-wide after testing. This ease of adoption and flexibility is very compelling,” said Ando.

"Cloud App Security is undoubtedly the optimal solution for strengthening the security of Office 365. We are convinced it leads other products in ease of adoption, flexibility, and ease of use."

Kazuhiro Ando,
President Prospex Co.,Ltd.

Solution

The company currently applies Cloud App Security to Exchange Online. When an email with a high risk level is detected, it is quarantined. At the same time, a notification is sent to the CSIRT, and relevant employees check for malware infection. So far, only one email has been deemed by Cloud App Security to be high risk, and the company says no safe and relevant email has failed to reach employees due to misidentification.

Cloud App Security also received high marks for its deep compatibility with Microsoft® Office 365™. “Cloud App Security is designed with Office 365 in mind, and solidly complements Exchange Online Protection. Cloud App Security integrates with Active Directory for automated user management, and its GUI is refined and easy to use,” said Ando.

Cloud App Security allows manual checking of mailboxes to investigate latent threats with the use of up-to-date threat information. Before adopting Cloud App Security, the company subjected the product’s service platform to a careful check for conformity with financial institution security requirements.

Results

The company is accumulating operational knowledge on the solution and is fine-tuning the product’s threat determination. “Adding user accounts is a necessary task during operations, but it isn’t directly related to strengthening security. Cloud App Security makes such tasks efficient and automated, giving us time to focus on other important measures such as the fine-tuning our security,” said Prospex’s Ando.

The Cloud App Security GUI also contributes to increased efficiency of operations. “With the Cloud App Security dashboard, we can check on the status of incoming suspicious email at a glance, and quickly assess what is going on. This sort of advanced GUI is extremely helpful in boosting the efficiency of security operations,” said Sakuma.

What's Next

Looking ahead, Mitsubishi UFJ Morgan Stanley PB Securities plans to broaden the application of Cloud App Security to Office 365’s SharePoint® Online and bolster internal security. “We believe that simply strengthening measures at the system gateway is not sufficient preparation against targeted cyber attacks. We hope to focus on internal countermeasures that quickly detect infiltrated threats in the network and lead to appropriate actions. We look forward to support by Trend Micro for these initiatives as well,” said Sakuma.